Solved

Replace Cisco PIX 515 E with?

Posted on 2010-11-23
10
773 Views
Last Modified: 2012-05-10
I am planning to replace my Cisco PIX 515 E because it coming to EOL, can some one suggest any replacment model for this firewall.
0
Comment
Question by:sf999
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
0
 
LVL 6

Expert Comment

by:djcapone
Comment Utility
Depending on what you are using the 515E for, the ASA5505 w/50 user or unlimited licenses may suite your needs and save you some money over the other units.

Based on your initial post, it does not appear that you have redundant devices and as such, I'm inclined to believe the ASA5505 will meet your needs.
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
This will depends on how many users, are you planning on using VLANS, are you planning on publishing any internal hosts to the public, are you looking for a VPN solution as well?

0
 

Author Comment

by:sf999
Comment Utility
yes we have a hosted web application and vpn as well
0
 
LVL 9

Expert Comment

by:DanJ
Comment Utility
Assuming PIX 515E was suited for your needs I suggest to choose based on the EOL document
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_for_the_Cisco_PIX_515E_Security_Appliance.html
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
How many VPN clients and how many site to sites?   Also, do you have a DMZ zone for your public facing system?    If yes, do your internal clients need to access this host as well?


0
 

Author Comment

by:sf999
Comment Utility
we have around 15 vpn users and 1 site to site vpn, this firewall is hosting center and all are public facing. there is no DMZ, Internal users use site to site VPN to access hosting center.
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
Comment Utility
I think the ASA 5505 with security Plus would be sufficient assuming there won't be much growth.    
It will give you enough vpn sessions to cover your current load with a little room for growth.    Take a look and the next model up, 5510, in case you anticipate more VPN users in the future.



http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~mid-range

0
 
LVL 6

Expert Comment

by:djcapone
Comment Utility
Depending on how many of those remote vpn users typically connect simultaneously, you may want to consider starting with the base model and adding the sec plus license later if needed.

The base unit will support up to 10 simultaneous IPSec sessions.

The sec plus license essentially also doubles the cost of the unit and since it can be added later, you might want to determine if your remote users are always connected.
0
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
Yes - Good point.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now